<div dir="ltr"><div dir="ltr"> </div> <div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 8, 2021 at 5:56 PM Stefan Berger <<a href="mailto:stefanb@linux.ibm.com">stefanb@linux.ibm.com</a>> wrote: </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Using swtpm v0.7.0 we can run swtpm_setup to create default config files for swtpm_setup and swtpm-localca in session mode. Now a user can start a VM with an attached TPM without having to run this program on the command line before. This program needs to run once. This patch addresses the issue raised in <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2010649" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=2010649</a> Signed-off-by: Stefan Berger <<a href="mailto:stefanb@linux.ibm.com" target="_blank">stefanb@linux.ibm.com</a>> </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> v2: - fixed return code if swtpm_setup doesn't support the option --- src/qemu/qemu_tpm.c | 43 +++++++++++++++++++++++++++++++++++++++++++ src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 3 files changed, 45 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 100481503c..bf6c8e5ad5 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -385,6 +385,46 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid, return virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_len); } + +/* + * qemuTPMCreateConfigFiles: run swtpm_setup --create-config-files skip-if-exist + * + * @logfile: The file to write the log into; it must be writable + * for the user given by userid or 'tss' + */ +static int +qemuTPMCreateConfigFiles(const char *logfile) +{ + g_autofree char *swtpm_setup = virTPMGetSwtpmSetup(); + g_autoptr(virCommand) cmd = NULL; + int exitstatus; + + if (!swtpm_setup) + return -1; + + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES)) + return 0; + + cmd = virCommandNew(swtpm_setup); + if (!cmd) + return -1; + + virCommandAddArgList(cmd, "--create-config-files", "skip-if-exist", NULL); + virCommandClearCaps(cmd); + + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Could not run '%s' to create config files. exitstatus: %d; " + "Check error log '%s' for details."), + swtpm_setup, exitstatus, logfile); </blockquote><div> </div><div>logfile isn't used, it seems </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> + return -1; + } + + return 0; +} + + /* * qemuTPMEmulatorRunSetup * @@ -432,6 +472,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath, "this requires privileged mode for a " "TPM 1.2\n"), 0600); + if (!privileged && qemuTPMCreateConfigFiles(logfile)) + return -1; + cmd = virCommandNew(swtpm_setup); if (!cmd) return -1; diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 1a567139b4..0f50de866c 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -45,6 +45,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature, VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, VIR_TPM_SWTPM_SETUP_FEATURE_LAST, "cmdarg-pwdfile-fd", + "cmdarg-create-config-files", ); /** diff --git a/src/util/virtpm.h b/src/util/virtpm.h index d021a083b4..3bb03b3b33 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -38,6 +38,7 @@ typedef enum { typedef enum { VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD, + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES, VIR_TPM_SWTPM_SETUP_FEATURE_LAST } virTPMSwtpmSetupFeature; -- 2.31.1 </blockquote><div> </div><div>lgtm otherwise </div></div></div>